diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..11657e3
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+db
+.php-*
+REPORT_CONTENTS
diff --git a/database.php b/database.php
new file mode 100644
index 0000000..2aad542
--- /dev/null
+++ b/database.php
@@ -0,0 +1,214 @@
+connect($redis_host, $redis_port)) {
+ /* if ($redis_password) { */
+ /* $redis->auth($redis_password); */
+ /* } */
+ return $redis;
+ }
+ return false;
+ } catch (Exception $e) {
+ error_log("Redis connection error: ".$e->getMessage());
+ return false;
+ }
+}
+
+function initializeNewUser()
+{
+ $redis = connectToRedis();
+ if (!$redis) {
+ return false;
+ }
+
+ $user_id = generateUUID();
+
+ $redis->hSet('users', $user_id, json_encode([
+ 'created_at' => time(),
+ 'status' => 'active'
+ ]));
+
+ $db_file = "db/$user_id.db";
+ $db = new SQLite3($db_file);
+
+ $schema_sql = file_get_contents('db/schema.sql');
+ if (!$schema_sql) {
+ error_log("Failed to read schema file: $schema_path");
+ return false;
+ }
+
+ $db->exec($schema_sql);
+
+ if (!$db) {
+ // Cleanup Redis entry if db creation fails
+ $redis->hDel('users', $user_id);
+ return false;
+ }
+ $db->close();
+
+ return ["user_id" => $user_id, "db_file" => "db/$user_id.db"];
+}
+
+function initializeApp($existing_user_id = null)
+{
+ if ($existing_user_id) {
+ /* $_SESSION["user_id"] = $existing_user_id; */
+ } else {
+ return initializeNewUser();
+ }
+}
+
+function getDB($user_id = null)
+{
+ if (!is_null($user_id)) {
+ $db_file = "db/$user_id.db";
+ if (!file_exists($db_file)) {
+ return createUserDatabase($user_id);
+ }
+ return new SQLite3($db_file);
+ }
+}
+
+function registerUser($username, $email, $password)
+{
+ $db = getDB($_COOKIE['user_id']);
+ $query = "INSERT INTO users(username, email, password) values ('$username', '$email', '$password');";
+
+ return $db->exec($query);
+}
+
+function loginUser($email, $password)
+{
+ global $RESULT_MODE;
+ $db = getDB($_COOKIE['user_id']);
+ $query = "SELECT username, password FROM users WHERE email = '$email';";
+ $result = $db->query($query)->fetchArray($RESULT_MODE);
+ if ($result["password"] === $password) {
+ return $result['username'];
+ } else {
+ return null;
+ }
+}
+
+function getUserById($id)
+{
+ global $RESULT_MODE;
+ $db = getDB($_COOKIE['user_id']);
+ $query = "SELECT username, email FROM users WHERE id = $id";
+ try {
+ $result = $db->query($query);
+ return $result->fetchArray($RESULT_MODE);
+ } catch (Exception $e) {
+ $_SESSION['error_message'] = $e->getMessage()."\n";
+ }
+}
+
+function createProduct($title, $amountInStock)
+{
+ $db = getDB($_COOKIE['user_id']);
+ $query = "INSERT INTO products(title, amount_in_stock) values ('$title', $amountInStock)";
+
+ try {
+ return $db->exec($query);
+ } catch (Exception $e) {
+ $_SESSION['error_message'] = $e->getMessage()."\n";
+ }
+}
+
+function getProductsByTitle($title)
+{
+ global $RESULT_MODE;
+
+ $db = getDB($_COOKIE['user_id']);
+ $query = "SELECT * FROM products WHERE title like '".$title."%'";
+
+ error_log($query, 0);
+ try {
+ $result = $db->query($query);
+ if ($result === false) {
+ error_log("{$db->lastErrorCode()}", 0);
+ throw new Exception($db->lastErrorMsg());
+ }
+
+ $products = [];
+ while ($row = $result->fetchArray($RESULT_MODE)) {
+ $products[] = $row;
+ }
+ return $products;
+ } catch (Exception $e) {
+ $_SESSION['error_message'] = $e->getMessage()."\n";
+ }
+}
+
+function getAllProducts()
+{
+ global $RESULT_MODE;
+
+ $db = getDB($_COOKIE['user_id']);
+ $query = "SELECT * FROM products";
+
+ try {
+ $result = $db->query($query);
+ $products = [];
+ while ($row = $result->fetchArray($RESULT_MODE)) {
+ $products[] = $row;
+ }
+ return $products;
+ } catch (Exception $e) {
+ $_SESSION['error_message'] = $e->getMessage()."\n";
+ }
+}
+
+function deleteProductByTitle($title)
+{
+ $db = getDB($_COOKIE['user_id']);
+ $query = "DELETE FROM products where title='$title'";
+
+ try {
+ return $db->exec($query);
+ } catch (Exception $e) {
+ $_SESSION['error_message'] = $e->getMessage()."\n";
+ }
+}
+
+function getOrdersForUser($userId)
+{
+ global $RESULT_MODE;
+
+ $db = getDB($_COOKIE['user_id']);
+ $query = "SELECT * FROM orders WHERE user_id = $userId";
+
+ try {
+ $result = $db->query($query);
+ return $result->fetchArray($RESULT_MODE);
+ } catch (Exception $e) {
+ $_SESSION['error_message'] = $e->getMessage()."\n";
+ }
+}
+
+function getOrdersForProduct($productId)
+{
+ global $RESULT_MODE;
+
+ $db = getDB($_COOKIE['user_id']);
+ $query = "SELECT * FROM orders WHERE product_id = $productId";
+
+ try {
+ $result = $db->query($query);
+ return $result->fetchArray($RESULT_MODE);
+ } catch (Exception $e) {
+ $_SESSION['error_message'] = $e->getMessage()."\n";
+ }
+}
diff --git a/header.php b/header.php
new file mode 100644
index 0000000..82a1e71
--- /dev/null
+++ b/header.php
@@ -0,0 +1,40 @@
+
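Review bot: Every query helper in this hunk builds its SQL by string interpolation — `registerUser`, `loginUser`, `getUserById`, `createProduct`, `getProductsByTitle`, `deleteProductByTitle`, `getOrdersForUser` and `getOrdersForProduct` — so the `$username`/`$email`/`$title`/`$id` arguments become part of the statement text; `SQLite3::prepare()` with `bindValue()` is the fix for all of them, and the two rewritten below show the shape. `loginUser` additionally keeps and compares passwords in clear text (`$result["password"] === $password`) and indexes `$result` without checking for `false`, so `password_hash()` at insert, `password_verify()` at login and a `$result !== false` guard belong in the same change. `getDB` derives the file path `db/$user_id.db` from `$_COOKIE['user_id']` unchecked; validating the cookie against the format `generateUUID()` produces before using it as a path component would close that. Two smaller defects in `initializeNewUser`: the `error_log` names `$schema_path`, which is never assigned (the path is the literal `'db/schema.sql'`), and `if (!$db)` after `$db->exec()` can never be true because `new SQLite3()` throws on failure rather than returning `false`. `createUserDatabase()` and `$RESULT_MODE` are referenced but not defined in the visible lines, and the head of the file before `connect(` is not visible here, so they presumably live there or in another file.
```php
function registerUser($username, $email, $password)
{
    $db = getDB($_COOKIE['user_id']);
    $stmt = $db->prepare('INSERT INTO users(username, email, password) VALUES (:username, :email, :password)');
    $stmt->bindValue(':username', $username, SQLITE3_TEXT);
    $stmt->bindValue(':email', $email, SQLITE3_TEXT);
    $stmt->bindValue(':password', password_hash($password, PASSWORD_DEFAULT), SQLITE3_TEXT);
    return $stmt->execute() !== false;
}

function loginUser($email, $password)
{
    global $RESULT_MODE;
    $db = getDB($_COOKIE['user_id']);
    $stmt = $db->prepare('SELECT username, password FROM users WHERE email = :email');
    $stmt->bindValue(':email', $email, SQLITE3_TEXT);
    $result = $stmt->execute()->fetchArray($RESULT_MODE);
    if ($result !== false && password_verify($password, $result['password'])) {
        return $result['username'];
    }
    return null;
}
// … unchanged: the remaining query helpers take the same prepare()/bindValue() shape …
```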
+ + +
+ + + + +

+ +
+ + + + + +
+ + +
+
diff --git a/index.css b/index.css
new file mode 100644
index 0000000..7797863
--- /dev/null
+++ b/index.css
@@ -0,0 +1,122 @@
+body {
+ font-family: Arial, sans-serif;
+ max-width: 1200px;
+ margin: 0 auto;
+ padding: 10px;
+}
+.product {
+ background: #f5f5f5;
+ padding: 15px;
+ margin-bottom: 10px;
+ border-radius: 5px;
+}
+label {
+ display: block;
+ margin-bottom: 5px;
+}
+input, textarea, select {
+ width: 100%;
+ padding: 8px;
+ margin-bottom: 10px;
+ max-width: 400px;
+}
+button {
+ padding: 0.5rem 1rem;
+ background: #4CAF50;
+ color: white;
+ border: none;
+ cursor: pointer;
+ font-weight: bold;
+ border-radius: 3px;
+ text-decoration: none;
+ display: inline-block;
+}
+button:hover {
+ background-color: #45a049;
+}
+.delete {
+ background: #f44336;
+}
+.search {
+ background: #2196F3;
+}
+.warning {
+ color: #f44336;
+ font-weight: bold;
+}
+
+header {
+ background-color: #333;
+ color: white;
+ padding: 1rem;
+ display: flex;
+ justify-content: space-between;
+ align-items: center;
+}
+
+.nav-links {
+ display: flex;
+ gap: 1.5rem;
+}
+
+.nav-links a {
+ color: white;
+ text-decoration: none;
+ font-weight: bold;
+}
+
+.nav-links a:hover {
+ text-decoration: underline;
+}
+
+.auth-section {
+ display: flex;
+ align-items: start;
+ gap: 0.75rem;
+}
+
+#authenticate-form {
+ display: flex;
+ gap: 0.5rem;
+ align-items: start;
+}
+
+#authenticate-form input {
+ padding: 0.5rem;
+ border: none;
+ border-radius: 3px;
+}
+
+.register-btn {
+ background-color: #2196F3;
+}
+
+.register-btn:hover {
+ background-color: #0b7dda;
+}
+
+.user-info {
+ display: flex;
+ align-items: center;
+ gap: 1rem;
+}
+
+.username {
+ font-weight: bold;
+}
+
+.logout-link {
+ color: #ff9999;
+ text-decoration: none;
+}
+
+.logout-link:hover {
+ text-decoration: underline;
+}
+
+#product-forms {
+ padding: 0px 10px;
+ display: flex;
+
+ justify-content: space-between;
+}
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..7ca8a9e
--- /dev/null
+++ b/index.php
@@ -0,0 +1,49 @@ + diff --git a/login.php b/login.php new file mode 100644 index 0000000..3bfabca --- /dev/null +++ b/login.php @@ -0,0 +1,20 @@ + diff --git a/logout.php b/logout.php new file mode 100644 index 0000000..72f4e1b --- /dev/null +++ b/logout.php @@ -0,0 +1,10 @@ + diff --git a/orders.php b/orders.php new file mode 100644 index 0000000..b5c1125 --- /dev/null +++ b/orders.php @@ -0,0 +1,13 @@ + + + + + + Orders - WIP + + + + +

Orders - Work in progress!

+ + diff --git a/products.php b/products.php new file mode 100644 index 0000000..579a0d0 --- /dev/null +++ b/products.php @@ -0,0 +1,73 @@ + + + + + + + Products page + + + + +
+
+

Add new Product

+
+ + + + + + +
+ +
+
+
+

Find product by title

+
+ + + +
+ +
+
+
+ +

Products:

+ +

No products found.

+ + +
+

+

In stock: items

+

ID:

+
+ + + + diff --git a/register.php b/register.php new file mode 100644 index 0000000..2f72712 --- /dev/null +++ b/register.php @@ -0,0 +1,21 @@ + diff --git a/tutorial.php b/tutorial.php new file mode 100644 index 0000000..435b8b5 --- /dev/null +++ b/tutorial.php @@ -0,0 +1,167 @@ + + + + + + Vulnerability testing + + +

Welcome to vulnerability testing! Powered by PHP!

+ + + + + + 18) { + echo "Adult"; + } elseif ($age > 12) { + echo "Teenager"; + } else { + echo "Child"; + } + echo nl2br("\n\n"); + + switch($day) { + case "Monday": + echo "Start of week"; + break; + case "Friday": + echo "End of week"; + break; + default: + echo "Mid-week"; + } + echo nl2br("\n\n"); + + for ($i = 0; $i < 5; $i++) { + echo $i; + } + echo nl2br("\n\n"); + + $fruits = ["apple", "banana", "orange"]; + + foreach($fruits as $fruit) { + echo $fruit; + } + echo nl2br("\n\n"); + + foreach($fruits as $index => $fruit) { + echo "$index: $fruit"; + } + echo nl2br("\n\n"); + + $i = 0; + while ($i < 5) { + echo $i++; + } + echo nl2br("\n\n"); + ?> + + + + + + name = $name; + $this->age = $age; + } + + public function greet() { + return "Hello, my name is {$this->name} and I'm {$this->age} years old."; + } + + public function getAge() { + return $this->age; + } + } + + $person = new Person("John", 30); + echo $person->greet(); + echo $person->getAge(); + echo nl2br("\n\n"); + ?> + + "John", + "age" => 30, + "city" => "NewYork" + ]; + echo $person["name"]; + echo nl2br("\n"); + + $users = [ + ["name" => "John", "age" => 30], + ["name" => "Mary", "age" => 25], + ]; + echo $users[1]["name"]; + echo nl2br("\n"); + + $fruits[] = "grape"; // add item to the end + $person["job"] = "developer"; // add new K-V pair + + $count = count($fruits); + $exists = in_array("apple", $fruits); + sort($fruits); + $keys = array_keys($person); + $values = array_values($person); + + echo nl2br("\n\n"); + ?> + + diff --git a/users.php b/users.php new file mode 100644 index 0000000..d53ea16 --- /dev/null +++ b/users.php @@ -0,0 +1,13 @@ + + + + + + Users - WIP + + + + +

Users - Work in progress!

+ + diff --git a/utils.php b/utils.php new file mode 100644 index 0000000..9e75c99 --- /dev/null +++ b/utils.php @@ -0,0 +1,15 @@ +